Ransomware: What It Is And What To Do About It

Ransomware attacks are not only booming, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but as e-mail systems got better at filtering out spam, cyber criminals are turning to new delivery methods.

In newly identified cases of ransomware, some cyber criminals aren’t using e-mails at all. These attacks have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI advises against paying in response to a ransomware attack. Their feeling is that paying the ransom doesn’t guarantee that you will your data back and there are cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only encourages current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity.

What does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

  • Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.

There’s no one method or tool that will completely protect you or your organization from a ransomware attack but contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.

If you or your organization have been the victim of ransomware, contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.